Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Openwall GNU/*/Linux Information for VU#399883

Date Notified:2002-09-26
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

While Openwall GNU/*/Linux doesn't (yet?) include a print server, our groff package did have the unfortunate pic(1) property and did provide a print filter for use on potentially untrusted input by a third-party print server package one could install. This has been corrected in Owl-current and documented as a potential security fix in the system-wide change log on 2001/09/02 (over a year ago):

http://www.openwall.com/Owl/CHANGES.shtml

A patch by Sebastian Krahmer of SuSE Security Team has been applied to pic(1) to restrict the format string processing. The print filter has been dropped from the package.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2012 by US-CERT, a government organization
Disclaimers and copyright information